- releases/manifest.json: Seed release manifest for update server
- update.rs: Make UPDATE_MANIFEST_URL configurable via ARCHIPELAGO_UPDATE_URL env var
- CONTRIBUTING.md: Comprehensive contribution guidelines covering code style,
PR process, testing, security disclosure, and app submission
- .github/ISSUE_TEMPLATE/: Bug report, feature request, and app submission
issue templates with structured forms
- .github/pull_request_template.md: PR template with checklist
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Server.vue: Add loading/disabled state to WiFi connect button,
success toast on WiFi connection
- Credentials.vue: Disable verify button when input empty, add
disabled styles
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Server.vue: Add user feedback for disk cleanup and restart operations
- Credentials.vue: Add clipboard fallback, better identity load error handling
- Federation.vue: Add clipboard fallback for invite code copy
- ContainerApps.vue: Wrap polling intervals in try-catch to prevent
unhandled promise rejections from background refresh
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All 30 UX audit findings verified resolved. Added the last missing
loading indicator for Cloud.vue file count fetching. All P0, P1, and P2
items from docs/ux-audit-2026-03.md are now addressed across Login,
Home, Apps, Server, Chat, Federation, Credentials, Settings, Marketplace,
Web5, SystemUpdate, and Cloud views.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Every empty/comment-only catch block now logs a descriptive warning
in dev mode via `if (import.meta.env.DEV) console.warn(...)`. Covers
15 files across views, stores, components, and utils. Zero silent
catches remaining.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
41 tests passing, type-check and build clean. This becomes the
regression target — counts must only go down.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Security headers already present in nginx config (X-Content-Type-Options,
X-Frame-Options, CSP, Referrer-Policy, Permissions-Policy). Removed
Access-Control-Allow-Origin: * from electrs-status — CORS is now handled
by the backend with origin validation. Deployed and verified all headers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace blanket cors_origin() with validate_origin() that checks the
incoming Origin header against allowed origins (host IP + dev server).
Unknown origins no longer receive Access-Control-Allow-Origin headers.
Also added X-CSRF-Token to allowed CORS headers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Double-submit cookie pattern: backend generates csrf_token cookie on login
(non-HttpOnly so JS can read it), validates X-CSRF-Token header matches
cookie on all authenticated RPC calls. Returns 403 if missing/mismatched.
Frontend reads cookie and sends header automatically.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Shows detected physical interfaces (ethernet/wifi) with IP, MAC, and
status. WiFi scan button opens a modal with signal strength bars and
password-protected connection flow. Uses network.list-interfaces and
network.scan-wifi RPC endpoints.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add network.list-interfaces, network.scan-wifi, network.configure-wifi,
and network.configure-ethernet endpoints using ip and nmcli commands.
Includes input validation to prevent command injection. Deployed and
verified — list-interfaces returns real interface data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Full-width card with color-coded progress bars (green <70%, orange
70-90%, red >90%) and uptime display. Calls system.stats RPC on
mount and refreshes every 30s. Deployed and verified.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Read real metrics from /proc/stat, /proc/meminfo, /proc/uptime, /proc/loadavg,
df, ps, and /sys/class/thermal/. CPU usage computed via dual-sample jiffies.
Deployed and verified on live server — all three endpoints return real data.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Web3 card showed hardcoded values (3 active, Valid, 2.4 GB, 1
configured) for features that don't exist yet. Replace with subtle
"Coming Soon" pill badges to avoid misleading users.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace hardcoded values with live data from network.diagnostics and
router.list-forwards RPC calls. Add skeleton loading states and
graceful N/A fallbacks when endpoints are unavailable.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
express.json() middleware was consuming the binary file body before the
upload handler could drain it, causing 404/parse errors on file uploads.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Removed !isEmbedded guard from mobile tab auto-switch watchers in
ChatPage.vue. When running embedded in Archy iframe on mobile,
clicking a chat bubble now correctly switches to the content panel.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The entrypoint now injects client_max_body_size 0 at runtime if missing,
as a safety net against Docker layer caching of the nginx config.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Location-level override wasn't sufficient. Setting at http block
disables the body size limit globally for the demo.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Onboarding:
- Fixed viewport to use dvh units with position:fixed container
- All views use scrollable glass containers that fit within viewport
- Responsive typography and spacing (mobile-first breakpoints)
- Tighter padding/margins on small screens
- RootRedirect checks localStorage first for instant redirect
- Spinner only appears after 500ms delay to avoid flash
Filebrowser:
- Fix CloudFolder null initialPath crash (watch both useNativeUI + section)
- Remove unused `host` computed (was causing TS error)
- Add mock GET /app/filebrowser/ landing page
- Increase express.json limit to 50mb
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mock backend lan-address now uses localhost so hostname replacement works
correctly. CloudFolder external URLs use origin-relative proxy paths.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The My Apps page went blank after installing apps because pkg['static-files'].icon
was accessed without optional chaining on dynamically installed packages that lack
the static-files property.
- Make static-files optional in PackageDataEntry type
- Add defensive ?.icon access with fallback in Apps.vue and AppDetails.vue
- Add filebrowser to mock backend staticDevApps (enables Cloud page in demo)
- Expand portMappings and marketplaceMetadata for all marketplace apps
- installPackage now uses staticApp() format for consistent data shape
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fixes "Method not found: identity.create" on demo onboarding. Adds handlers
for all identity, nostr, content, network, router, and peer RPC methods so
no method-not-found errors occur anywhere in the demo. Expands marketplace
from 2 to 12 apps, adds 5 static dashboard apps, randomizes metrics, and
populates peer/message data for a richer demo experience.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Set http1_keep_alive(false) on hyper server to prevent connection
reuse issues with nginx reverse proxy
- Clean up nginx proxy config: remove upstream block, use direct
proxy_pass to 127.0.0.1:5678
- Update AppLauncherOverlay and appLauncher store with UI fixes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Allow zero-amount Lightning invoices (BOLT11 "any amount") by changing
validation from amount_sats < 1 to amount_sats < 0
- identity.verify now extracts pubkey directly from did:key format instead
of requiring the DID to belong to a local identity
- tor.create-service writes config to data_dir/tor-config/ instead of
/var/lib/archipelago/tor/ (owned by debian-tor, not archipelago user)
- Add E2E test script (scripts/run-e2e-tests.sh) covering 47 RPC endpoints
- Add testing plan with results (loop/testing.md)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The credential issuance and verification handlers used
Handle::block_on() directly inside the tokio runtime, causing a
deadlock. Wrapped with block_in_place() to properly yield the
runtime thread.
Also completed full feature verification across all 25 test groups
(~175 checks) on live server.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All apps with Bitcoin dependencies now check for running Bitcoin Knots
before install. Mempool also requires Electrs. BTCPay logs a warning
when installed without LND (Lightning payments unavailable).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All PORT_TO_PROXY mappings match nginx config (APP-103).
First-boot creates all marketplace app containers (APP-104).
get_app_config handles all 24 apps (APP-105).
get_app_metadata has entries for all 24 apps (APP-106).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Apps with absolute-path redirects (Jellyfin, Portainer, PhotoPrism,
OnlyOffice, Uptime Kuma, Fedimint) now correctly open in new tab on
HTTPS where subpath proxy breaks their redirects, but still use iframe
on HTTP where direct port access works fine.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Added searxng, onlyoffice, filebrowser, nginx-proxy-manager, portainer,
and tailscale to first-boot-containers.sh so fresh ISO installs have all
marketplace apps ready. Fixed penpot icon path in Marketplace.vue to use
the correct app-icons directory.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Update all skill SSH commands from sshpass to key-based auth (~/.ssh/archipelago-deploy)
- Add proxy_connect_timeout 120s to nginx Ollama location blocks
- Add new polish/sweep skills for overnight automation
- Add demo content (documents, photos) for demo stack
- Add .ssh/ to .gitignore
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces the brief 4-item checklist with a comprehensive file-level
checklist covering backend, frontend, nginx, deploy, first-boot, and
ISO build. Ensures no file is missed when adding or modifying apps.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
